References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.

AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

(AV:N/AC:H/Au:N/C:N/I:N/A:P)

CWE-843

https://github.com/free5gc/aper/commit/26205eb01705754b7b902ad6c4b613c96c881e29

https://github.com/free5gc/aper/pull/11

https://github.com/free5gc/free5gc/

https://github.com/free5gc/free5gc/issues/831

https://github.com/free5gc/free5gc/issues/831#issue-3996453112

https://vuldb.com/submit/781573

https://vuldb.com/vuln/354735

https://vuldb.com/vuln/354735/cti